Summary | ZeroBOX

XPT.exe

Tags: UPX, Malicious Library, ASProtect, MZP Format, PE File, DLL, PE32
Category FILE
Machine s1_win7_x6403_us
Started May 1, 2025, 9:59 a.m.
Completed May 1, 2025, 10:01 a.m.
Size 706.4KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 bd551fb89a9dbd192717d3dabe8dc902
SHA256 9b93677dfa0fef47373d7739910a3b355dc54aa43dabe4bf8a8dc7f97a54acb1
CRC32 E6EC4483
ssdeep 12288:LIurv8NX666cIUvXUh8TdRvdtRVTjnjU4tJqq/PNdFKA519NdE9CLDJjXA3qpwHS:LI+C69Kku5RXvjU4RNdFKAjdE4LRA3qt
Yara
  • PE_Header_Zero - PE File Signature
  • mzp_file_format - MZP(Delphi) file format
  • IsPE32 - (no description)

DNS lookups (Name, Response, Post-Analysis Lookup)
No hosts contacted.
IP addresses (IP Address, Status, Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Flagged API calls (columns: Time & API, Arguments, Status, Return, Repeated)

GlobalMemoryStatusEx
status: 1, return: 1, repeated: 0

NtAllocateVirtualMemory
process_identifier: 2076
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00600000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory
process_identifier: 2076
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x044a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

GetDiskFreeSpaceExW
total_number_of_free_bytes: 0
free_bytes_available: 9933017088
root_path: C:\
total_number_of_bytes: 34252779520
status: 1, return: 1, repeated: 0
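The API records above are the per-call trace a Cuckoo-style sandbox keeps for calls that a behavioural signature matched. Querying physical memory (GlobalMemoryStatusEx) and disk capacity (GetDiskFreeSpaceExW) are common environment probes used by code that tries to recognise analysis VMs, and committing PAGE_EXECUTE_READWRITE memory in the calling process (process_handle 0xffffffff is the GetCurrentProcess pseudo-handle on 32-bit Windows) is what a run-time unpacker needs in order to write decompressed code and then execute it; NtAllocateVirtualMemory returning 0 is STATUS_SUCCESS. The following is an added example, not ZeroBOX's own code, that turns records in this shape into triage findings. The field names follow the report; the extra PAGE_READWRITE allocation in the sample trace is constructed for contrast, and the 60 GiB small-disk threshold is a hypothetical triage value.

```python
"""Triage of sandbox API-call records shaped like the ones in this report.

Added example, not ZeroBOX's code. Decodes the Windows memory constants and
flags (a) writable+executable allocations made in the calling process and
(b) environment probes (memory size, disk size) that evasion code consults.
"""

PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
    0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE",
}
WRITABLE_EXECUTABLE = 0x40 | 0x80      # the two PAGE_* values that are both W and X
MEM_COMMIT = 0x1000
CURRENT_PROCESS = 0xFFFFFFFF           # GetCurrentProcess() pseudo-handle, 32-bit
SMALL_DISK_GIB = 60.0                  # assumption: hypothetical triage threshold


def decode_protection(value: int) -> str:
    """Render a PAGE_* bitmask, e.g. 0x140 -> PAGE_EXECUTE_READWRITE|PAGE_GUARD."""
    names = [n for bit, n in sorted(PAGE_PROTECTION.items()) if value & bit]
    return "|".join(names) if names else hex(value)


def gib(n_bytes: int) -> float:
    return n_bytes / 2 ** 30


def triage(trace):
    """trace: list of {"api": str, "args": dict, "return": int} records."""
    rwx, probes = [], []
    for rec in trace:
        api, a = rec["api"], rec["args"]
        if api == "NtAllocateVirtualMemory":
            # Only self-allocations that are writable and executable are of interest here.
            if a["protection"] & WRITABLE_EXECUTABLE and a["process_handle"] == CURRENT_PROCESS:
                rwx.append({
                    "base": hex(a["base_address"]), "size": a["region_size"],
                    "protection": decode_protection(a["protection"]),
                    "committed": bool(a["allocation_type"] & MEM_COMMIT),
                    "succeeded": rec["return"] == 0,      # NTSTATUS 0 == STATUS_SUCCESS
                })
        elif api == "GlobalMemoryStatusEx":
            probes.append("physical memory size queried")
        elif api == "GetDiskFreeSpaceExW":
            total = gib(a["total_number_of_bytes"])
            note = f"disk size of {a['root_path']} queried: {total:.1f} GiB"
            if total < SMALL_DISK_GIB:
                note += " (below hypothetical small-disk threshold)"
            probes.append(note)
    return {"rwx_self_allocations": rwx, "environment_probes": probes}


# Constructed trace: the calls recorded in the report above, plus one ordinary
# PAGE_READWRITE allocation (base 0x04500000, made up) that must not be flagged.
SAMPLE_TRACE = [
    {"api": "GlobalMemoryStatusEx", "args": {}, "return": 1},
    {"api": "NtAllocateVirtualMemory", "return": 0, "args": {
        "process_identifier": 2076, "region_size": 4096, "protection": 0x40,
        "base_address": 0x00600000, "allocation_type": 0x1000, "process_handle": 0xFFFFFFFF}},
    {"api": "NtAllocateVirtualMemory", "return": 0, "args": {
        "process_identifier": 2076, "region_size": 4096, "protection": 0x40,
        "base_address": 0x044A0000, "allocation_type": 0x1000, "process_handle": 0xFFFFFFFF}},
    {"api": "NtAllocateVirtualMemory", "return": 0, "args": {
        "process_identifier": 2076, "region_size": 65536, "protection": 0x04,
        "base_address": 0x04500000, "allocation_type": 0x1000, "process_handle": 0xFFFFFFFF}},
    {"api": "GetDiskFreeSpaceExW", "return": 1, "args": {
        "root_path": "C:\\", "total_number_of_bytes": 34252779520,
        "free_bytes_available": 9933017088, "total_number_of_free_bytes": 0}},
]

if __name__ == "__main__":
    for key, items in triage(SAMPLE_TRACE).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run against the sample trace this reports the two RWX self-allocations (both committed, both successful) and two environment probes, and leaves the PAGE_READWRITE allocation alone; a real trace would additionally carry timestamps, so the obvious next step is to require the probes to precede the allocation.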
Files referenced by behavioral signatures
file C:\Users\test22\AppData\Local\Temp\~sfx003EA041DC\XPTweaker.dll
file C:\Users\test22\AppData\Local\Temp\~sfx003EA041DC\XPT.exe
file C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe
file C:\Users\test22\AppData\Local\Temp\~sfx003EA041DC\XPT.exe
file C:\Users\test22\AppData\Local\Temp\~sfx003EA041DC\XPT.exe
file C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe
file C:\Users\test22\AppData\Local\Temp\~sfx003EA041DC\XPTweaker.dll
section UPX1 (virtual_address 0x00a1e000, virtual_size 0x0000f000, size_of_data 0x0000e800, entropy 7.855806517014254) description A section with a high entropy has been found
entropy 0.773333333333 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
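The three entropy and section-name findings above come from static inspection of the PE section table. The following is an added example, not ZeroBOX's own code, that walks the section table with only the standard library, computes Shannon entropy per section, and applies the same three checks; it runs over a constructed in-memory PE rather than XPT.exe. The 6.8 bits/byte per-section threshold and the 0.2 overall ratio are the values in the open-source Cuckoo packer_entropy signature; that ZeroBOX uses the same computation is an assumption, and if it does, the 0.773 figure reported above is the fraction of section bytes that sit in high-entropy sections. The packer section-name list, the hash-chain byte generator and the minimal PE builder are helpers written for this example.

```python
"""Per-section entropy and packer-name checks for a PE32 file.
Added example, not ZeroBOX's code; the inputs are built in memory below."""
import hashlib
import math
import struct

SECTION_ENTROPY_THRESHOLD = 6.8   # assumption: value from Cuckoo's packer_entropy
OVERALL_RATIO_THRESHOLD = 0.2     # assumption: value from Cuckoo's packer_entropy
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata"}
FILE_ALIGN = 0x200


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, close to 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Yield (name, raw_bytes) per section, walking only the PE headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size              # section table follows the optional header
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def analyse(pe: bytes) -> dict:
    """Per-section entropy, fraction of section bytes that are high-entropy, findings."""
    sections, findings, total, high = {}, [], 0, 0
    for name, data in pe_sections(pe):
        ent = shannon_entropy(data)
        sections[name] = ent
        total += len(data)
        if ent > SECTION_ENTROPY_THRESHOLD:
            high += len(data)
            findings.append(f"section {name}: entropy {ent:.2f} exceeds {SECTION_ENTROPY_THRESHOLD}")
        if name in PACKER_SECTION_NAMES:
            findings.append(f"section {name}: name indicates a packer")
    ratio = high / total if total else 0.0
    if ratio > OVERALL_RATIO_THRESHOLD:
        findings.append(f"overall: {ratio:.2f} of section data is high-entropy")
    return {"sections": sections, "ratio": ratio, "findings": findings}


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic near-uniform bytes from a SHA-256 hash chain (constructed input)."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_pe(sections) -> bytes:
    """Minimal PE32 image from (name, data, virtual_address) tuples (constructed input)."""
    opt_size = 224                            # PE32 optional header with 16 data dirs
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    hdr_len = (hdr_len + FILE_ALIGN - 1) & ~(FILE_ALIGN - 1)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    table, body, raw_ptr = b"", b"", hdr_len
    for name, data, va in sections:
        raw_size = (len(data) + FILE_ALIGN - 1) & ~(FILE_ALIGN - 1)
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va,
                             raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return header.ljust(hdr_len, b"\0") + body


# UPX keeps UPX0 empty on disk and stores the compressed image in UPX1.
PACKED_SAMPLE = build_pe([("UPX0", b"", 0x1000),
                          ("UPX1", pseudo_random(4096), 0x2000),
                          (".rsrc", b"\0" * 512 + b"A" * 512, 0x3000)])
PLAIN_SAMPLE = build_pe([(".text", b"\x90\x90\xc3\x00" * 1024, 0x1000)])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        result = analyse(sample)
        print(label, "ratio=%.2f" % result["ratio"], *result["findings"], sep="\n  ")
```

The packed sample yields four findings (UPX0 by name, UPX1 by both name and entropy, and the overall ratio of 0.8), the plain sample none. Note that entropy is measured over the bytes on disk, so a UPX-style empty UPX0 section contributes nothing to the ratio, and an appended overlay (an SFX archive, for instance) is outside every section and is not counted by this check at all.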
Antivirus results (vendor, detection name)

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
CAT-QuickHeal Trojan.Ghanarava.16630567448dc902
Skyhigh BehavesLike.Win32.Generic.bc
ALYac Gen:Variant.Jaik.272451
Cylance Unsafe
VIPRE Gen:Variant.Jaik.272451
Sangfor Trojan.Win32.Agent.Vk6s
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Gen:Variant.Jaik.272451
Arcabit Trojan.Jaik.D42843
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Generik.LMPLFRZ
APEX Malicious
Avast Win32:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Backdoor:Win32/Zegost.f83c9033
MicroWorld-eScan Gen:Variant.Jaik.272451
Rising Malware.Generic!8.BA4C (CLOUD)
Emsisoft Gen:Variant.Jaik.272451 (B)
Zillya Trojan.Heur2.Win32.491
TrendMicro TROJ_FRS.0NA103FH23
McAfeeD ti!9B93677DFA0F
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Google Detected
Antiy-AVL Trojan[Backdoor]/Win32.Zegost
Microsoft Program:Win32/Wacapew.C!ml
GData Gen:Variant.Jaik.272451
Varist W32/ABTrojan.THFI-0668
AhnLab-V3 Trojan/Win.CoinMiner.R374645
McAfee GenericRXAA-AA!BD551FB89A9D
DeepInstinct MALICIOUS
VBA32 TScope.Trojan.Delf
Malwarebytes Generic.Trojan.Malicious.DDS
Ikarus Trojan-Downloader.FraudLoa.ZF
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_FRS.0NA103FH23
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
alibabacloud Software:Multi/Wacatac.B9nj